RUN AS LOCALSYSTEM USER
This script has been scanned with VirusTotal and Xcitium Verdict Cloud.
PYTHON SCRIPT FILE SHA1 VALUE - 5ca3de213c4cc528b2bf5b0c2dc42fc171152668
JSON FILE SHA1 VALUE - 7674a499efd2f245039cdde895b52bfbf7166560
import os
from subprocess import Popen, PIPE
import ctypes
import _winreg
class disable_file_system_redirection:
    """Context manager that switches off WOW64 file-system redirection.

    On entry it calls kernel32 ``Wow64DisableWow64FsRedirection`` and keeps
    the value the API hands back; on exit it passes that value to
    ``Wow64RevertWow64FsRedirection`` so the previous state is restored.
    ``__enter__`` returns nothing, so ``with ... as x`` binds ``None``.
    """

    # Resolved once, when the class body executes; this requires a Windows
    # interpreter because ``ctypes.windll`` does not exist elsewhere.
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        """Disable redirection and remember whether the call succeeded."""
        self.old_value = ctypes.c_long()
        # The API writes the previous redirection state through the pointer.
        self.success = self._disable(ctypes.byref(self.old_value))

    def __exit__(self, type, value, traceback):
        """Restore the earlier redirection state if it was changed."""
        if not self.success:
            # Disabling failed, so there is nothing to put back.
            return
        self._revert(self.old_value)
def ecmd(command, name):
    """Run an uninstall command line and print what happened.

    command -- the full command line, passed to the shell as one string.
    name    -- product name, used only in the success message.

    Nothing is returned; the outcome is reported with print().
    """
    # NOTE(review): shell=True means the whole string is interpreted by the
    # command shell. The callers in this file build it from a registry
    # UninstallString, so whatever that value holds is executed under the
    # account running this script.
    with disable_file_system_redirection():
        proc = Popen(command, shell=True, stdout=PIPE, stderr=PIPE)
        out, err = proc.communicate()
        ret = proc.returncode

    if ret != 0:
        # Every non-zero exit code is reported as a failure. That includes
        # Windows Installer codes such as 3010, which means the operation
        # succeeded and a reboot is pending.
        if err:
            print("an error occurred: %s" % (err.strip()))
        else:
            print("something went wrong. returncode: %s" % (ret))
        return

    print("successfully uninstalled the %s" % (name))
    # Show the captured output when there is some, else the exit code.
    print(out.strip() if out else ret)
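# Module-level accumulator: every collectprograms() call appends to this same
# list and returns it, so results from earlier calls are kept.
li=[]
def collectprograms(rtkey,pK,kA):
    """Append [DisplayName, UninstallString] pairs found under a registry key.

    rtkey -- an open root key handle (the callers pass HKEY_* constants).
    pK    -- path of the key whose direct subkeys are enumerated.
    kA    -- access mask used for every OpenKey call.

    Returns the shared module-level list ``li``. Subkeys missing either
    value are skipped.

    Fixes relative to the earlier version:
    * if the parent key could not be opened, ``oK`` was never bound and the
      trailing CloseKey raised NameError; now the list is returned unchanged.
    * a subkey that could not be opened ended the whole enumeration; now
      only that subkey is skipped.
    * subkey handles are closed instead of being left open.
    """
    try:
        oK=_winreg.OpenKey(rtkey,pK,0,kA)
    except EnvironmentError:
        # Key absent or not readable in this hive/view: nothing to collect.
        return li
    try:
        i=0
        while True:
            try:
                bkey=_winreg.EnumKey(oK,i)
            except EnvironmentError:
                # EnumKey raises once the index runs past the last subkey.
                break
            i+=1
            vkey=os.path.join(pK,bkey)
            try:
                oK1=_winreg.OpenKey(rtkey,vkey,0,kA)
            except EnvironmentError:
                continue
            try:
                DN,bla=_winreg.QueryValueEx(oK1,'DisplayName')
                DV,bla=_winreg.QueryValueEx(oK1,'UninstallString')
                li.append([DN.strip(),DV.strip()])
            except (EnvironmentError, AttributeError):
                # Value missing, or stored as a type without strip().
                pass
            finally:
                _winreg.CloseKey(oK1)
    finally:
        _winreg.CloseKey(oK)
    return li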
def programsinstalled():
    """Collect uninstall entries from HKLM and HKCU.

    When the PROGRAMFILES(X86) environment variable is present, both the
    32-bit and the 64-bit registry views are read for each hive; otherwise
    each hive is read once with plain KEY_READ. Returns whatever the last
    collectprograms() call returned.
    """
    uninstall_path = 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall'
    hives = (_winreg.HKEY_LOCAL_MACHINE, _winreg.HKEY_CURRENT_USER)

    if 'PROGRAMFILES(X86)' in os.environ:
        access_masks = (_winreg.KEY_WOW64_32KEY | _winreg.KEY_READ,
                        _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ)
    else:
        access_masks = (_winreg.KEY_READ,)

    # Order is HKLM (32, 64) then HKCU (32, 64). Entries are not
    # de-duplicated, so a key visible through both views is listed twice.
    for hive in hives:
        for mask in access_masks:
            col = collectprograms(hive, uninstall_path, mask)
    return col
# Gather every [DisplayName, UninstallString] pair visible in the registry.
with disable_file_system_redirection():
    k = programsinstalled()

# Silent switches: index 0 is used when "msi" appears in the uninstall
# string, index 1 otherwise.
arguments = ["/qn", "/quiet"]

# NOTE(review): the command that runs is whatever the matched Uninstall entry
# stores, and the match is a substring test on DisplayName. Anyone able to
# write those registry keys decides what this script executes, under the
# account it runs as. Review the collected strings before deploying widely.
# NOTE(review): the "msi" test is case-sensitive, so a string spelled
# "MsiExec.exe" falls through to the /quiet branch.
for name, ustring in k:
    for product in ("Foxit PDF Editor", "Foxit PhantomPDF"):
        if product not in name:
            continue
        switch = arguments[0] if "msi" in ustring else arguments[1]
        ecmd('%s %s' % (ustring, switch), name)